multiservice edge architectures and solutions for service ...faculty.ccc.edu/mmoizuddin/cisco live...

© 2006, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr

1

© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1BRKAGG-200114557_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKAGG-200114557_04_2008_c1 2

Multiservice Edge Architectures and Solutions for Service Providers

BRKAGG-2001


2


Abstract

This session presents design options for centralized and distributed multiservice broadband network architectures that scale to tens of millions of subscribers and bandwidths up to 100 Mbps per household. The session introduces popular triple-play broadband aggregation architectures. The advantages and disadvantages of the different architectures in terms of bandwidth scalability, policy plane scalability, failure radius, traffic patterns, service flexibility, and more is then discussed. Attendees learn to identify the architectural trade-offs between centralized and distributed broadband architectures, and which criteria should be used in an architectural evaluation.


Agenda

The Evolution of Multimedia Services

Broadband Architecture Models

Architectural Comparison

Sample NGN Broadband Architectures

Summary


3


The Evolution of Multimedia Services


Understanding Where Broadband Started Reasons the BRAS Began Centralized

Initially sparse customer take rates

Faster Roll-out in coverage

Subnetting & IP address pool utilization

Reuse of SDH infrastructure

Internet Access “Star Aggregation” traffic dominance

Similar to centralized Dial paradigm

Conservative growth assumptions

Availability of IP Operations Expertise WhichStill

Apply?


4


Massively distributedSelf-service / instant ITDesktop Virtualization

Instant business“Office of One”Profitable interactions

Grassroots innovationPersonalizationConsumer within

Virtualized, SecureReal-time

Information

Borderless Enterprise

EmpoweredUser

Customers Are Transforming…

THE NETWORK IS THE PLATFORMCOLLABORATION, WEB 2.0, PRODUCTIVITY


Service Transformations

Web 2.0 – the network as the platform

Empowered UsersPersonalization

Virtualized, secure, real-time informationMassively distributed

Self-service / instant IT

Desktop Virtualization

Borderless EnterpriseInstant business

“Office of One”

Profitable interactions

Service Provider Implications1. Enable ubiquitous high bandwidth, quad-play services

2. Increase speed to integrated, scalable services

3. Move up the value stack with the customer


5


NTT Next-Generation ServicesResidential

Home EntertainmentDigital Terrestrial TV over IPHD IPTVHD VideoHigh-quality audio distribution

High-Definition VideophoneOne phone (FMC)Home & Security control

Kids-safety, supervisory robots

BusinessConferencing

TV Conferencing (incl. Multipoint Web)Wideband IP Conference Phones

Seamless CommunicationHD Interactive Video, Web collaboration

Advance telecommuting, push-to-talk-multimedia

Nursing & Medical care servicesTelepathology, Medical information sharing

Public ServicesDisaster information, earthquake early warning, Safety information sharing

Highly secure Network Services

http://www.ntt.co.jp/ir/library_e/nttis/2007spr/note.html


Service Innovation Is Key to Incremental Revenue Generation

PSTNPSTN

… … …

OA&MOA&M

CPE

Voice apps

Enterprise data

Consumer data

Frame relay/ ATM

Frame relay/ ATM

Internet access

Internet access

OA&MOA&M OA&MOA&M

Existing service delivery approach

CostlySlow to market

IntegratedOne-size-fits-all

3rd party applications

Network services / Intelligent IP infrastructure

Network services / Intelligent IP infrastructure

… … …

OA&MOA&M

Open service deliveryOpen service deliveryCPE

NGSPapps

ASP Content

NGSP destination

EfficientRapid response

OpenPersonalized

Open service deliveryfor faster innovation

& competitivedifferentiation

Flexible business models to matchservice lifecycle


6


Telecom Italia (42€)

VoD w/ 25000 titlesSKY TV, Exclusive MTV, 100 TV channelsEPGUp to 20Mbps Flat rate InternetVoice with SMSFree 2nd phone number (VoIP)WiFi Modem

23 TV channelsVoDFirewall & Security3Mbps downstream ADSL 20MB email storage50MB homepage

KPN (53€)

France Telecom

(35€)50 TV channels1000 VoDTime-controlSecondary phone with unlimited metropolitan callsVoice mailUp to 18Mbps / 800 Kbps internet5 email accounts Web page Parental control

Understanding Where Broadband Is GoingCurrent European SP Multimedia Service Offerings

It is time to revisit some operational assumptions…

Formuleinternet+TV+téléphone

Alice Home TV InternetPlusBellen Lite + Interactieve TV

Deutsche Telekom

(49€)VoD w/ 1700 titles70 TV channelsEPG, NW-VCR,Up to 16Mbps Flat rate InternetVoice with SMSFree 2nd phone number (VoIP)Hotspot flat rate

T-Home Entertain


Broadband Architecture Models


7


Definitions

Single-Edge vs. Multi-Edge ServicesSingle: all services destined to the same subscriber flow through one edge system, forming an integrated policy enforcement point

Multi: services destined to the same subscriber do not flow through one edge system.

Centralized vs. Distributed EdgeCentralized: Edge systems are concentrated in few IP PoPs and are connected to access nodes via an aggregation network.

Distributed: Edge systems are dispersed in many IP PoPs close to the subscribers and may even be co-located with the access nodes

Clustered vs. UnclusteredUnclustered: Allocating all subscribers for a particular service to one system

Clustered: Allocating the subscribers to a particular service over many systems located in the same PoP


Architectural Dimensions

DistributedCentralized

Single-Edge

Multi-EdgeClustered

Unclustered

Some services are produced on distributed devices, whereas other

services are produced centrally

All services flow through a single device, distributed in the architecture close to the

subscriberDistributed

Separate devices for various services. Could be service specific

edge, or common per-subscriber PEP but on multiple systems

All services flow through single device, located in a centralized PoPCentralized

Multi-EdgeSingle-EdgeServices

Geographic

x

y

z


8


Centralized Unclustered Single-Edge

CoreAccess Edge

DSL

Content Farms

VOD TV SIP

Mobile

ETTx

PON

MSPP

Cable

Identity Address Mgmt

Portal Subscriber Database

Monitoring Policy Definition

Billing

Policy Control Plane (per subscriber)

AggregationL2 / Simple L3

Aggregation NetworkMPLS/IP

Integrated Services

Core NetworkMPLS /IP

Residential

STB

Business

Corporate

Internet Voice VoD / TV Business

Residential

STB


Centralized Clustered Single-Edge

EdgeAggregationL2 / Simple L3


Integrated Services

Core

Content Farms

VOD TV SIP




Billing


Access

DSL

Mobile

ETTx

PON

MSPP

Cable


Residential

STB

Residential

STB

Business

Corporate



9



MSE

DPI


BNG

Core





Billing


Content Farms

VOD TV SIP

Access

DSL

Residential

Mobile

ETTx

PON

MSPP

Cable

Residential

STB

Residential

STB

Business

Corporate


Centralized Unclustered Multi-Edge


Centralized Clustered Multi-Edge


MSE

DPI


BNG

Core





Billing


Content Farms

VOD TV SIP

Access

DSL

Mobile

ETTx

PON

MSPP

Cable

Residential

STB

Residential

STB

Business

Corporate



10


Access

DSL

Mobile

ETTx

PON

MSPP

Cable

CoreEdgeContent Farms

VOD TV SIP


Integrated Service

Ethernet/MPLS/IP




Billing


Residential

STB

Residential

STB

Business

Corporate


Distributed Unclustered Single-Edge


Distributed Unclustered Single-Edge

Access

DSL

Mobile

ETTx

PON

MSPP

Cable

CoreEdgeContent Farms

VOD TV SIP


Integrated Service

Ethernet/MPLS/IP




Billing


Residential

STB

Residential

STB

Business

Corporate



11


Architectural Comparison


Architectural Comparisons

The different architectures can be evaluated against the following criteria

Capital Expenditures

Scalability (Bandwidth / Subscriber, Transport, Policy Control)

Operational Complexity (Troubleshooting, QoS)

Reuse of existing Operations procedures

Availability

Traffic Patterns

Economically serving areas of differing subscriber density

Service Flexibility

Operational Flexibility


12


Cost Optimization

Goal is to minimize overall Total Cost of Ownership (TCO) related to the deployment and operation of a broadband aggregation network delivering quad-play servicesMin Σ Capex(services, time) + Σ Opex(services, time)

s.t. Traffic flows <= Link CapacityTraffic flows <= Node capacityNode Capacities >= Number of subscribers….

Note: not just minimization of initial Capex at time t=0!Also minimization of Opex and expansion Capex

Assumes a timeframe tNeed to take subscriber and traffic growth into account

Network equipmentBNG, DSLAMs, PON…

Servers for each serviceSIP, RACS, RADIUS, Softswitches, Gateways…

Link CostsReal Estate

Capex Variables Opex VariablesPower: network, servers

SIP, RACS, RADIUS, Softswitches, Gateways…BNG, DSLAMs, PON…

Real estateLabour & Maintenance

OSS Changes, Cutover

Management Costs


Geographic Context for Overlaying Costs

Services with Local traffic needs (Video Caching, PSTN interconnect)

Availability / topology of Fiber

Areas of sparse subscriber density

Variety of mechanisms for failure recovery (IP, STP, RPR, RRR, WDM)

Availability / efficiency of Public IP subnetting

Size of BRAS failure domain

Speed/cost of BRAS failover

Flexibility to do area splits

Operations ability to manage local network elements

Broadband Aggregation StarAlternate paths not shown

C.O. data courtesy of:


13


Capital Expenditures (CapEx)

Argument around number and cost of devicesCentralized Multi-Edge architecture benefits from incumbency

Re-use of installed base, evolution of existing architecture

Pure L2 aggregation networks combined with centralized edge architectures seem to have cost advantages

BUT: how to handle multicast traffic in a pure L2 aggregation networkMotivate IP-enabled aggregation networks

Number of IP enabled devices in centralized and distributed architectures in same order of magnitude

Thus Capex in a similar rangeCapEx of distributed architecture comparable to centralized architecture with IP-enabled aggregation infrastructure

DistributedCentralized

?

Unclustered Single-EdgeClustered Multi-EdgeUnclustered

Multi-EdgeClustered Single-EdgeUnclusteredSingle-Edge


0.0

50.0

100.0

150.0

200.0

250.0

300.0

350.0

5000

1000

015

000

2000

025

000

3000

035

000

4000

045

000

5000

055

000

6000

0

Active Subscribers

Ban

dwid

th (G

bps)

0.9 Mbps / sub 10 Gbps Engine2.75 Mbps / sub 20 Gbps Engine5.1 Mbps / sub 160 Gbps Engine

Scalability—Bandwidth per Subscriber

Multimedia traffic impacts subscriber scalability per system

Bandwidth per subscriber increases from ~200 Kbps/sub for traditional Internet to 1-6Mbps/sub for multimedia servicesModels assume different service concurrency rates for Voice / Video / TV / Internet

Fixed-Mobile-Convergence place substantial additional scalability demands on systemsCentralized single-edge architectures reach scalability limitsClustered, multi-edge or distributed architectures offer better architectural scalability

Smaller number of subscribers per system

DistributedCentralizedUnclustered Single-

EdgeClustered Multi-EdgeUnclusteredMulti-EdgeClustered Single-EdgeUnclustered

Single-Edge


14


Scalability—Policy Control and Enforcement

Control plane functions are harder to architect than forwarding plane functions!Multi-edge requires multiple policy control messages to different network nodes Single-edge architectures benefit from single policy enforcement point

Policy enforcement communication efficienciesSingle authentication and authorization for all services at the policy enforcement pointMultiple services can be activated / de-activated in a single RADIUS CoA message with ISGBut: Centralized sing architecture needs to maintain a vast amount of state information per subscriber

Distributed Architecture benefits from Policy enforcement close to subscriber

No need to backhaul traffic that can be dropped

Distributed Single-Edge

Core

Per-subscriber

Multi-Edge

Aggregation MPLS/IP/Ethernet

Core

Per-subscriber per service



Single-Edge


ETSI TiSPAN Architecture MappingFunctional Building Blocks

Edge

CoreAccessResidential

STB


RCEFAMF

NASS


Applications

User Equipment

TISPAN NGN CoreAccess network

RACS

DiameterH.248<tbd>

RACS

CLF

CNG RCEF

UAAFPDBFCNGCF

AMF

NACF

C-BGF I-BGF

I/S-CSCFP-CSCF

IBCF UPSF

TE

e3

e1

e2

a3

a4

a1

a2

e2

Re

Rqe4

Gq’Gq’

Gm

MwMx Mx Cx

IaIa

Sh

Isc

SPDF

A-RACFRr

Rd’

Service subsystems

IMS Core PSTN Emulation


15


TiSpan Building Blocks

TransportTE: Terminal EquipmentCNG: Customer Network GatewayAMF: Access Management FunctionRCEF: Resource Control Enforcement FunctionC-BGF: Core Border Gateway FunctionI-BGF: Interconnecting Border Gateway Function

Resource Admission Control Sub-system

A-RACF: Access Resource & Admission Control FunctionSPDF: Serving Policy Decision Function

Network Attachment Sub-systemCLF: Connectivity Session Location Repository FunctionCNGCF: Customer Network Gateway Control Function NACF: Network Address Configuration Function UAAF: User Authorization & Authentication Function

PDBF: Profile Database Function

Service SubsystemsP-CSCF: Proxy call session control functionI/S-CSCF: Interrogating / service call session control functionIBCF: Interconnecting Border Control FunctionUPSF: User Profile Serving Function


Scalability—System Resources

Amount of state information required can be substantial per BRASMemory

Chart shows per-session memory (function of QoS, HA, ISG)Configuration memory can be substantial (e.g. 7MB for 10000 triple-play subscribers)

Calls-per-second ratesAt 100 CPS, takes 10 minutes to set up 60000 sessionsIn addition to system boot time

Control Traffic BandwidthIP Address Allocation (e.g. DHCP)Session setup (e.g. PPP LCP, IPCP, PPPoE)Service setup (e.g SIP calls, ISG services)Min 12 messages and 300B per subscriber



Single-Edge

0

200400

600800

10001200

14001600

1800

5000

1000

015

000

2000

025

000

3000

035

000

4000

045

000

5000

0

Number of sessions

Mem

ory

Req

uire

d (M

B)

No QoS QoS QoS w/ ISG

Memory for sessions onlyNot counting other configuration


16


Scalability—Transport

Centralized architectures rely on transport tunneling mechanisms in the aggregation network

VLAN / Tunnel scalability needs to be taken into accountMapping of VLANs to services: per-DSLAM VLANs, per-service VLANs, customer VLANs…

Tunnel scalability limits may be mitigated using clustering or multi-edge architectures.Distributed architecture can leverage self-organizing, self-healing IP / MPLS backhaul

Equivalent to core IP/MPLS (e.g. with MPLS VPN)Reduction in SP managed objects (e.g. EVC crossconnects, pseudowire tunnels)

Ethernet UNI

Ethernet UNI



Single-Edge

Aggregation Node

BNGPPP, IP, MPLS MPLSMPLS / IP

DSL, Ethernet

Access Node

BNG

Distribution Node

Business E-LINE

Business E-LAN

EoMPLS PWEoMPLS Pseudowire VPLS

H-VPLS MPLS NNI

MPLS NNI

Port, 1:1 VLAN

Port, 1:1 VLAN

Port, 1:1 VLAN

Port, 1:1 VLAN

N:1, 1:1 VLAN modelsEoMPLS Pseudowire

N:1 VLAN modelIP/MPLS w. Multicast

EoMPLS PW

IP/MPLS NNI

Ethernet UNI


Operational Aspects—Provisioning

Single-edge architectures allow provisioning of all subscribers and services on a single system

e.g. facilitates QoS provisioning across services for the same subscriber using hierarchical schedulers

Multi-edge architecture leads to distributed provisioning for services destined to the same subscriber

Requires intelligent protocols for proper QoS management (e.g. ANCP)

Generation of significant amount of state information

Distributed architecture requires no per L2 service-instance provisioning/assurance in the aggregation network

Relies on diffserv mechanisms of IP/MPLS aggregation



Single-Edge


17


Operational Aspects—Troubleshooting

Centralized architectures rely on transport tunneling mechanisms in the aggregation network

VLANs, PBT, Pseudowires, T-MPLS

Adds complexity for trouble-shooting the aggregation network

Single-edge architecture facilitates provisioning & trouble-shooting on a single system

Economies of integration

Multi-edge architectures can be trouble-shooted by service

Clustered or distributed architectures benefit from smaller number of subscribers and thus pinpointing of failures

MPLS/IP

MPLS/IP

Backhaul TunnelProvisioning & Maintenance

Subscriber Provisioning & Maintenance

Distributed Subscriber Provisioning & Maintenance



Single-Edge


Service Availability

Distributed and clustered architectures typically employ smaller systems

Smaller fault-domains impact fewer subscribersLess risk of losing subscribers

Higher overall service availability

In-box redundancy can be used to ensure that certain failures are transparent to subscriber sessions

E.g. redundant routing / forwarding engines supported by Broadband high-availability features

Dual-homing ofDistributed edge nodes comparable to dual-homing of aggregation switches

Subscribers to distributed integrated edge systems (shorter loop lengths)

Centralized Single-Edge

Aggregation MPLS/IP/Ethernet

Failure Radius

Core

Distributed Single-EdgeFailure Radius

Core



Single-Edge


18


Agg.

Agg.

Agg.

Traffic Patterns Affecting the Architectural Choice

Backhaul & Client/Server trafficTransits both BRAS and core

E.g.: HSI traffic, VoD traffic, Tunneled traffic

Multicast trafficSourced in the core and replicated at the BRAS

E.g.: broadcast TV

Traffic local to a BRASP2P traffic between users terminated on the same BRAS

E.g.: voice bearer traffic, P2P traffic;

Also applies to locally generated / sourced trafficIP / MPLS

CoreAgg.

IP / MPLS Core

IP / MPLS Core

IP / MPLS Core


Traffic Patterns—Architectural Considerations

High-bandwidth multimedia traffic is a standard service offering and must thus be considered by all architecturesBackhaul & Client-Server traffic is invariant to the different architectures

Policy enforcement close to subscriber may save backhaul bandwidth

Multicast traffic is efficient if replication happens close to the subscriber Saves bandwidth in the aggregation networkFavors multi-edge or distributed architectures

Traffic local to a BRAS can be handled more efficiently by distributed architecture

Optimized Routing for peer-to-peer routingLocal Video CachingService Interconnection to PSTN?Important for mobile traffic patterns!?BRAS IP Address allocation already supports this



Single-Edge


19


P2P Traffic

P2P applications (e.g. Skype, BitTorrent, Gnutella) have been main contributors to bandwidth growth in past years

Need to differentiate between P2P Downloads and P2P live streaming

P2P changes communication patternsPotential to keep more traffic localTraffic downloaded from closest users

But: so far, little empirical evidence how much traffic remains geographically local IP addresses carry no geographical significance -> different administrative domains

Source: http://www.cs.ucr.edu/~marios/Papers/UCR-CS-2007-05001.pdf


P2P Traffic—Impact of Video P2P Streaming

P2P overlays now considered for live video streaming (Coolstreaming, PPLive)

Flash crowd streamsChinese spring festival with up to 225K concurrent users @ 300 Kbps

Algorithm similar to BitTorrentStreaming server acts as source root Joining peer receives candidate list of peers who are able to stream (e.g. 50 peers)Joining peer then selects subset based on RTT (e.g. 5 peers) and receives buffer maps with streaming segmentsUpdated membership information continuously exchanged between peers to communicate state changes.Requested streaming segments received in both push & pull mode into receiving application buffer

Differentiation between IPTV and Internet TV using over-the-top distribution

IPTV: SP video streaming over closed IP networks

Source: HeavyReading, “Internet TV, Over-the-Top Video, & the Future of IPTV Services”, Vol. 5, No. 10, June 2007


20


Service Flexibility

Increasing requirement for value added servicesVoIP and Video services motivate SBCsApplication-aware services motivate DPI technologies, e.g. Most P2P traffic can no longer be identified at layer 4Security services gaining popularity

Single-edge architectures have more flexibility for quad-play servicesPay-as-you grow: incremental service roll-outIntegrated services could be realized either with service-blades or built-in

Distributed architecture more conducive for wholesaleFacilitates local wholesale modelL3VPN-based business or wholesale servicesPseudowire L2VPN services for business or wholesaleStill there are shared segments (QoS) in getting to the customer


EdgeClustered Multi-EdgeUnclustered Multi-EdgeClustered Single-EdgeUnclustered

Single-Edge


Service Flexibility: Security

Per-user firewalls and encryption increasingly demandedSignificant CPU requirements

Offers centrally managed security for broadband subscribers

Distributed architecture more conducive to integrated security servicesDropping packets close to subscriber saves backhaul

Localization of security attackes

faster mitigation leads to higher service availability

L2TP Internet

ASR 1000 LNS + IOS FW

LAC

ATM

IOS Firewall policies are downloaded from RADIUS and applied per subscriber on virtual access interfaces

RADIUS Syslog

DSLAM

PPPoXPPPoX

DSLRouter

DSLModem and PPPoEClient


21


Service Flexibility: Session Border Controller

Session Border Controllers (SBC) are critical to enable rich media video telecommunications across networks with simultaneous support for voice/video/data

SBC enables direct IP to IP Interconnect between multiple Administrative Domains for Session-Based Services:

Protocol Translation

Network Hiding / Security

Call Admission Control

Quality of Service (QoS)

Billing

TCL for customized applications

Toolkit of functions

Signaling Border Element (SBE)

H.323 SIP HA

AAA CDR

Policy

VPN Control

Session Control Interface

Data Border Element (DBE)

NAPT QoS HA

RTP Policy

SBC Architecture

Based on H.248


Service Flexibility: Deep Packet Inspection

Flexible Packet MatchingStateless packet matchingXML-based traffic description (protocol header description files)Can match on protocol stack, bit pattern, header fields

Network Based Application Recognition (NBAR)Identifies over 90 applications and protocols TCP and UDP port numbersStatically assignedDynamically assigned during connection establishmentNon-TCP and non-UDP IP protocolsData packet inspection for matching values

Distributed architectures allow more scalability

ToS SourceIP Addr

DestIP Addr

SrcPort

Sub-Port/Deep InspectionDstPort

Protocol

TCP/UDP Packet Data AreaIP Packet


22


Architectural Comparison Summary

Scalability – System Resources

?CapExScalability – Bandwith per SubscriberScalability – Policy Control & Enforcement

Scalability – TransportOperational – ProvisioningOperational – TroubleshootingService AvailabilityTraffic PatternService Flexibility

DistributedCentralizedUnclusteredSingle-Edge

Clustered Multi-Edge

UnclusteredMulti-Edge

Clustered Single-Edge

UnclusteredSingle-Edge


Sample NGN Broadband Architectures


23


Case Study 1: Distributed Unclustered Single-Edge

CPE

CoreAccess Edge(~5K)

PON

Agg.(~50K)

Core NetworkMPLS /IPIntegrated

Edge

10GEAccess Switch

CPE

SBC

MGW

POTSVV

VoIP Operators

LNS

ISP & Content

Providers

RACSApplications

B’cast TV

Video Conf

VoIP/SIP

VOD

…

H.248

Gq’

Service OfferingsVoice & Video Telephony (SBC, v6/v4)

IPTV VoD (SBC, HDTV, v6)Internet Access (BB, LAC, PPPoE, v4)

IPTV B’cast TV (Multicast, SDTV/HDTV, v6)

AAA/AAA/DHCPDHCP


CPEE-DSLAM

PE-AGG / UPE

SL

SL

Class A

Class C

Class B

• Treated as any other “trunk” network:

Could use perclass PQ+CBQ, oroverprovision

• Upstream anddownstream per ISP aggregate per class

- police

• No QOS required

BRAS/NPE Hierarchical QOS

SVLAN

SVLAN

• SVLAN shaping with sum of shaped rates allowed to exceed interface rate

• Configured by CLI

• Subscriber line level shaping• Sum of shaped rates can exceed SVLAN rate• Priority propagation for voip and video traffic• Configurable share of remaining bandwidth • Configurable overhead accounting• May be configured via CLI or using dynamically using RADIUS

Operational—Provisioning: 3-Layer Hierarchical QoS Scheduling

ASR 1000: available10000: available7600: available7200: available


24


Service Availability:Broadband High Availability

For PPPoX sessions terminated on the active route processor (RP):1. PPPoX session information is synchronized to standby RP 2. If active RP fails, PPP sessions become active on standby RP3. ATM virtual circuits and PPPoX session IP addresses maintained as they were before

on the primary RP

Works with NSF (OSPF, IS-IS, BGP)Supports In-Service Software Upgrades (ISSU)Up to 32,000 PPPoX sessions supported

ASR1000: 2H CY0810000: available7600: available

CPE

PPPoX

DSLAM

PPPoX

Cisco 10000ATM

RadiusServer


For L2TP sessions terminated on the active route processor (RP):1. L2TP control channel information is synchronized to standby RP (e.g. tunnel ID,

sessions IDs, data sequencing status etc) 2. If active RP fails, L2TP control channels become available on standby RP 3. PPPoX session carried in the L2TP tunnels and IP addresses maintained as they were

before on the primary RP

Works with NSF (OSPF, IS-IS, BGP)Supports In-Service Software Upgrades (ISSU)Up to 16,000 L2TP sessions supported

Service Availability:L2TP High-Availability

ASR1000: 2H CY0810000: End 2008

CPE

PPPoX

DSLAM

PPPoX

Cisco 10000ATM

L2TP


25


Case Study 2: Centralized Clustered Multi-Edge

Access Edge(~100)

DSL

L2 Aggregation(~600 | ~100)

GE BNG

Core


GE

GE

Applications

Video Conf

VoIP/SIP

VOD

…B’cast TV

B’cast TV

MSE

Residential

STB

Internet Voice

Business

Corporate

VoD / TV Business


Residential

STB

BRAS Cluster

Service Availability:BRAS Clustering with PADO-Delays

PPP Smart Server Selection allows user to configure specific PADO delay for a received PADI packet.

Can be configured per bba-group or based on circuit-id/remote-id

In case of an outage of a BRAS in the cluster, other BRAS stand ready to accept subscriber sessions

Detection of failure possible at both ends of PPPoE session because of missing keepalives

Subscriber sessions have to be re-established

Allows BRAS redundancy with predictable behavior

E-DSLAMEthernet

Aggregation

PADI1

PADI

PADO

PADIPADI

PADO

PADO

2PADO

3PADR

4PADS

PADR

PADS

Delay

PPPoE

ASR1000: 2H CY0810000: available


26


Application Provider

AAA

Access Provider

AAA

L2-EthernetAccessNetwork L3 Core

DHCP Server

1. User PC initiates a PPP session. ISG creates session and defaults service are installed.

2. ISG authenticates user and retrieves user profile.

3. ISG retrieves service profile for auto-logon service. A policy directive stipulates that further authentication is required.

4. ISG authenticates service using username & password retrieved from user profile.

5. ISG install new service and user has full access to service.

User PC

1

2

3 4

5

Service Availability:Intelligent Services Gateway (ISG)

ISG handles the key aspects of service control:

Subscriber identification

Service and policy determination

Session policy enforcement

Session life-cycle management

Accounting for access and service usage

Provides dynamic provisioning and activation of services

Open, standards-based interfaces

Support smooth transformation from PPP to IP

ASR1000: 2H CY0810000: available7600: available7200: available


Policy Control and Enforcement:ISG-SCE Common Control Bus

Service Control Engine (SCE) operates as delegate of the Intelligent Services Gateway (ISG) through a common control-bus:

ISG establishes subscriber-contexts on SCE and enforces policiesSCE provides ISG with application-layer accounting; ISG combines into master accounting records and communicates to OSS

BenefitsSingle northbound interface from ISG (BRAS)Single Unified subscriber databaseCAPEX/OPEX optimized deployment:

Only need to integrate with one platform (ISG)Reduced resource requirements on AAA/policy layer

Increased Scale and Reliability

SCE

SCE Mngmt

ISG

AAA

ISG SCE

AAA

Policy & Auth

Accounting

Policy & Auth

AccountingControl Bus

TODAY:ISG and SCE deployed independently

ISG and SCE integrated

ASR1000: 2H CY0810000: available7600: available


27


Policy Control and Enforcement:Dynamic Policies

Dynamic service policies: QoS Policy Maps constructed by ISG with RADIUS-based parameter inputs

RADIUS communicates parameter values using Cisco 250/252 VSA

Hierarchical ISG service policy must exist for the ISG subscriber session

Acts as default policy map in case no RADIUS parameterizations are received for a session

Dynamic policies always take precedence over the default policies

Dynamic RADIUS operations:Adding and removing classes

Adding and removing actions: shape, police, priority, bandwidth, and set coscommands

Modifying the average rate for the above actions

Activating and deactivating child policy maps

10000: End 2008


Policy Control and Enforcement:Dynamic Policies—Example

First-sign-of-life Example: CoA Example:policy-map Policer

class policer-tc

accounting aaa list AAA_List

police input 8000 10000 12000

police output 8000 10000 12000

The ISG receives the following parameterized ISG policing VSA in a CoAmessage:

252 binary 0b suffix “policer(acct_mlist=AAA_List,cirin=9000,cbrin=11000,ebrin=13000, cirout=9000, cbrout=11000, ebrout=13000”

The ISG copies the original Policer policy and processes the VSA to create the following parameterized transient policy named Policer1:

policy-map Policer1

class policer-tc

accounting aaa list AAA_List

police input 9000 11000 13000

police output 9000 11000 13000

CPE DSLAM ISG RADIUS

1 Session start (FSOL)

2Install default

policies

3 Access Request

4Retrieve

Parameters

5Access Accept

6Install dynamic

policies


28


Case Study 3: Centralized Clustered Multi-Edge

CoreAggregationAccess Edge

Dist-node

BRAS

SR/PE

DPI

Core NetworkMPLS /IPAggregation Network

MPLS/IP

Dist-node




Billing


Cable

PON

DSL

ETTX

Residential

Residential

STB

Business

Corporate

Content Farm

VOD TV SIP

STB

Content Farm

VOD TV SIP

☺Mobile

Cable

MSPP

L2 P-to-P (local or xconnect)L2 MP local bridgingL2 MP VPLSL3 routed

UntaggedSingle taggedDouble tagged802.1q802.1adetc

Aggr-Node

7600 with ES-20 Line Cards


Flexible VLAN

TagMatching

Flexible VLAN

TagMatching

H-QoSPer VLANH-QoS

Per VLAN

L3L3

EoMPLSEoMPLS

VPLSVPLS

Local connect (P2P)Local connect (P2P)

Local Bridging (MP)Local Bridging (MP)

SecuritySecurityFlexible

VLANTag

Rewrite

Flexible VLANTag

Rewrite

Service Instance (Ethernet Flow Point)

EVC

Ethernet Virtual Connection (EVC) Overview

One service instance (EFP) can match one or multiple or range of VLANs at a time

One service instance (EFP) can match one or multiple or range of VLANs at a time

Flexible L2/L3 service mapping, one or groups of EFPs can map to same EVC

Flexible L2/L3 service mapping, one or groups of EFPs can map to same EVC

Per service featuresPer service features

• VLAN local port significance• Two VLAN tag aware• Flexible VLAN tag matching (combination of up to two tag)

• VLAN local port significance• Two VLAN tag aware• Flexible VLAN tag matching (combination of up to two tag)

Flexible VLAN tag manipulation, pop/push/translateFlexible VLAN tag manipulation,

pop/push/translate


29


Summary


Summary

Multimedia Services challenge existing broadband aggregation architecturesBroadband architectures can be distinguished along different dimensions

Geographical distribution (centralized vs. distributed)Single-edge vs. multi-edge policy enforcementClustered vs. unclustered

Centralized multi-edge broadband aggregation architecture can be evolved to facilitate the introduction of multimedia servicesClustering or multi-edge approaches improve overall service availability

Failures affect a smaller number of subscribers

Distributed single-edge services architecture provides required flexibility for quad-play multimedia services

Combines scalability with operational advantages


30


Q and A


Recommended ReadingK. Reddy, “Building MPLS-Based Broadband Access VPNs”, Cisco Press, Nov. 2004, ISBN-13: 978-1-58705-136-4.

R. Wood, “Next-generation Network Services”, Cisco Press, Nov. 2005, ISBN-13: 978-1-58705-159-3.

K. Lee, F. Lim, B. Ong, “Building Resilient IP Networks”, Cisco Press, Dec. 2005, ISBN-13: 978-1-58705-215-6

T. Szigeti, C. Hattingh, “End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs:, Cisco Press, Nov. 2004, ISBN-13: 978-1-58705-176-0

B. J. Carroll, “Cisco Access Control Security: AAA Administration Services”, Cisco Press, May 2004, ISBN-13: 978-1-58705-124-1.

I. Pepelnjak, J. Guichard, J. Apcar, “MPLS and VPN Architectures, Volume II”, Cisco Press, Jun. 2006, ISBN-13: 978-1-58705-112-8.

I. Pepelnjak, J. Guichard, “MPLS and VPN Architectures”, Cisco Press, Oct. 2000, ISBN-13: 978-1-58705-002-2.

Available Onsite at the Cisco Company Store


31


References

Other Interesting CiscoLive Networkers 2008 SessionsBRKAGG-2000: Implementation and utilization of Layer 2 VPN Technologies

BRKOPT-2302: Policy Control Architectures for Next Generation Networks: Standards and Reality

TECAGG-2003 Layer 2 Virtual Private Networks – Converged IP/MPLS Network

BRKNMS-2051 Optimizing a Service Provider Infrastructure for IPTV Services

BRKOPT-2111 Carrier Ethernet Aggregation Networks for Business and Residential Services

BRKVVT-2101 IPTV Service Architecture Design and Deployment

HeavyReading, “IP Video and the New Broadband Edge”, Vol. 3, No. 20, Dec. 2005.

HeavyReading, “Internet TV, Over-the-Top Video, & the Future of IPTV Services”, Vol. 5, No. 10, June 2007.

M. Iliofotou, P. Pappu et al., “Network Traffic Analysis using Traffic DispersonGraphs (TDGs): Techniques and Hardware Implementation”, available from http://www.cs.ucr.edu/~marios/Papers/UCR-CS-2007-05001.pdf

Ellacoya Networks, “Ellacoya Data Shows Web Traffic Overtakes Peer-to-Peer (P2P) as Largest Percentage of Bandwidth on the Network “, http://www.ellacoya.com/news/pdf/2007/NXTcommEllacoyaMediaAlert.pdf


Complete Your Online Session Evaluation

Give us your feedback and you could win fabulous prizes. Winners announced daily.

Receive 20 Passport points for each session evaluation you complete.

Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.

Don’t forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008.

Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.


32



Backup

multiservice edge architectures and solutions for service ...faculty.ccc.edu/mmoizuddin/cisco live...

Documents